<!DOCTYPE html>
<html>

<head>
	<meta charset="utf-8">
	<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
	<meta name="theme-color" content="#33474d">
	<title>Using iptables on Linux to map the FTP port of an internal host | 失落的乐章</title>
	<link rel="stylesheet" href="/css/style.css" />
	
      <link rel="alternate" href="/atom.xml" title="失落的乐章" type="application/atom+xml">
    
</head>

<body>

	<header class="header">
		<h1 class="header__title"><a href="/">失落的乐章</a></h1>
		<h2 class="header__subtitle">When it comes to technology, we are always students.</h2>
	</header>

	<main>
		<article>
	
		<h1>Using iptables on Linux to map the FTP port of an internal host</h1>
	
	<div class="article__infos">
		<span class="article__date">2017-10-12</span><br />
		
		
			<span class="article__tags">
			  	<a class="article__tag-link" href="/tags/Linux/">Linux</a>
			</span>
		
	</div>

	

	
		<p>There are two machines: machine A has both an internal and an external network interface, while machine B is on the internal network only.</p>
<p>Goal: reach the FTP service (port 21) on machine B through machine A's external address.</p>
<p>Environment:<br>Machine A: external IP 123.234.12.22 (eth1), internal IP 192.168.10.20 (eth0)<br>Machine B: internal IP 192.168.10.21</p>
<p>Procedure:</p>
<ol>
<li><p>Enable FTP port forwarding support in your Linux kernel<br><code>modprobe ip_nat_ftp</code> loads the ip_nat_ftp module (if it is not compiled into the kernel) so that FTP can be NATed correctly<br><code>modprobe ip_conntrack_ftp</code> loads the ip_conntrack_ftp module</p>
</li>
<li><p>Turn on packet forwarding on machine A</p>
</li>
</ol>
<figure class="highlight bash"><table><tr><td class="code"><pre><div class="line">vi /etc/sysctl.conf</div></pre></td></tr></table></figure>
<p>Set net.ipv4.ip_forward = 1</p>
<figure class="highlight bash"><table><tr><td class="code"><pre><div class="line">sysctl -p</div></pre></td></tr></table></figure>
<ol start="3">
<li>Create the iptables rules on machine A</li>
</ol>
<figure class="highlight bash"><table><tr><td class="code"><pre><div class="line">iptables -t nat -I PREROUTING -d 123.234.12.22 -p tcp --dport 21 -j DNAT --to-destination 192.168.10.21:21</div></pre></td></tr></table></figure>
<p>This forwards packets that arrive on port 21 of the external address to the internal FTP server.</p>
<figure class="highlight bash"><table><tr><td class="code"><pre><div class="line">iptables -t nat -I POSTROUTING -d 192.168.10.21 -p tcp --dport 21 -j SNAT --to-source 192.168.10.20</div></pre></td></tr></table></figure>
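<p>This rewrites the source address of packets going to the internal FTP server to A's internal interface address. Without it, the packets reach the FTP server, but the replies cannot get back to the client.</p>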
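<p>The steps above combined into one script, as an added example that is not part of the original post. It prints the commands by default, skips rules that already exist, and goes beyond the page by binding the FTP conntrack helper explicitly and adding FORWARD rules for a host whose FORWARD policy is DROP. The addresses and interfaces are the page's; <code>DRY_RUN</code>, <code>run</code>, <code>add_rule</code> and <code>ftp_port_map</code> are names introduced here, and the helper and FORWARD rules are assumptions about the host's kernel and filter policy.</p>

```bash
#!/bin/sh
# Added example (not from the original post). Addresses and interfaces are
# the page's; DRY_RUN, run, add_rule and ftp_port_map are hypothetical names.
EXT_IP=123.234.12.22     # A, external address
A_INT_IP=192.168.10.20   # A, internal address
FTP_IP=192.168.10.21     # B, internal FTP server
EXT_IF=eth1
INT_IF=eth0
DRY_RUN=${DRY_RUN:-1}    # 1 = print the commands only, 0 = execute (needs root)

# Print the command in dry-run mode, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# add_rule TABLE CHAIN RULE...: insert the rule unless an identical one is
# already present (iptables -C exits non-zero when the rule is missing).
add_rule() {
    table=$1; chain=$2; shift 2
    if [ "$DRY_RUN" != 1 ] && iptables -t "$table" -C "$chain" "$@" 2>/dev/null; then
        return 0
    fi
    run iptables -t "$table" -I "$chain" "$@"
}

ftp_port_map() {
    run modprobe ip_nat_ftp
    run modprobe ip_conntrack_ftp
    # Runtime equivalent of the sysctl.conf edit (not persistent across reboots).
    run sysctl -w net.ipv4.ip_forward=1
    # Assumption: on newer kernels conntrack helpers are no longer assigned
    # automatically, so bind the ftp helper to the control connection.
    add_rule raw PREROUTING -i "$EXT_IF" -d "$EXT_IP" -p tcp --dport 21 -j CT --helper ftp
    # The two NAT rules from the page.
    add_rule nat PREROUTING -d "$EXT_IP" -p tcp --dport 21 -j DNAT --to-destination "$FTP_IP:21"
    add_rule nat POSTROUTING -d "$FTP_IP" -p tcp --dport 21 -j SNAT --to-source "$A_INT_IP"
    # Assumption: FORWARD policy is DROP. Admit only new control connections
    # to B, established traffic, and data connections the ftp helper expects.
    add_rule filter FORWARD -i "$EXT_IF" -o "$INT_IF" -d "$FTP_IP" -p tcp --dport 21 \
        -m conntrack --ctstate NEW -j ACCEPT
    add_rule filter FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT
    add_rule filter FORWARD -p tcp -m conntrack --ctstate RELATED -m helper --helper ftp -j ACCEPT
}

ftp_port_map
```

<p>Review the printed commands first, then run the script as root with <code>DRY_RUN=0</code> to apply them. Because of the SNAT rule, machine B logs every session as coming from 192.168.10.20, so per-client records have to be taken on machine A.</p>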

	

	

	

</article>

	</main>

	<footer class="footer">
	<div class="footer-content">
		

	    

		<div class="footer-credit">
			<span>© 2017 失落的乐章 | Powered by <a href="https://hexo.io/">Hexo</a> | Theme <a href="https://github.com/HoverBaum/meilidu-hexo">MeiliDu</a></span>
		</div>

	</div>


</footer>



</body>

</html>
